[squid-users] More extensible helper facility [was: Squid 3 SSL bump: Google drive application could not connect}

Yuri Voinov yvoinov at gmail.com
Mon Jan 5 11:46:33 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Don't think so.

AFAIK, the firewall-based/external router solution will be
OS/infrastructure-specific. Also, separate subsystem also will be heavy
and KISS-aware. I.e crutch. :)

So, I think all we need - good fast and scalable helper for external ACL
handling. May be with database. BerkeleyDB, for example.

BTW, I will prefer to keep ssl_crtd certs also in indexed database.

So, logically to have all this functionality either in ssl_crtd, or as
advanced helper. This vill be OS-specific aware and can be useful in any
usecases.


05.01.2015 16:56, shawn wilson пишет:
>
> Wouldn't it be better to have a pipe option (a helper with persistence
- I'm thinking of postfix options here) and a totally separate project
to handle encryption and mitm? If you had something independent to help,
you might be able to detect other protocols and handle them properly vs
different projects having different levels of bump-ability.
>
> Not sure if we just need a better pipe facility and some script with
sslstrip and openssl could handle the rest (I think that's doable) or if
more would be required.
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBAgAGBQJUqnmZAAoJENNXIZxhPexGB80IAKD+Jw9XP3Dj2EdXUTKQbGrK
GFNm+IdctED2kRlnNXcVwWCZRHQdTjCn6VFqCnCd2RJ9q4IAR9KjyQrpxydX/q5P
is5HvuIDGvjLOkyIqLYulWdsnXBBFJ71oA2vqlVjRvMpLJDQfUoCFhbcEk/9TVy0
yGq6wDCLTl4R8qkCjTaWsLFtS9RVITzDaeSY7n0lmqhgLSddailRhHbu4eJs4PWK
z0E2dicP60Qq3qPB5eQatE3NM83AuJFQmAoNyMeoN7ovIbJ+32ARbP++H7mUdtTe
bhY6buAWzv3Rl5ItJA7jqWSEkMdGReTxGyG2VfkYJjN0W/FqNpUvdDB3LwkMdBI=
=ogt3
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150105/911397c4/attachment.html>


More information about the squid-users mailing list